MCP server authentication and security

MCP server security

The MCP server uses the same authentication as the REST API. Your API token must be kept secure.

Authentication flow

1. You provide CERTORIX_API_TOKEN in environment variables.
2. The MCP server includes the token in Authorization: Bearer headers for all API calls.
3. Certorix API validates the token and checks permissions.
4. If valid, the request proceeds. If invalid, MCP tool returns an error.

Token permissions for MCP

The MCP server can only access what your user can access:

• Admin token – All tools available.
• Editor token – Can create, edit, publish trees and facts. Cannot delete or manage billing.
• Viewer token – Read‑only tools only (list_trees, get_tree, list_facts, get_fact).

Network security

• All MCP traffic is over TLS 1.3 (HTTPS).
• No plaintext communication.
• Certorix API domain is HSTS preloaded.

Local MCP server security

The MCP server runs locally on your machine (when used with Claude Desktop or Cursor). Security considerations:

• The token is stored in plaintext in claude_desktop_config.json or environment variables.
• Ensure your machine is secure (encrypted disk, strong login password).
• Do not share your claude_desktop_config.json with others.
• Use a dedicated token for MCP (regenerate if compromised).
• Rotate tokens periodically (every 90 days).

Audit logging for MCP actions

All actions performed via MCP are logged in the audit log with:

• User: Your email (since token identifies you).
• Action: Same as API actions (e.g., tree.created, fact.certified).
• Source: 'MCP' in the user agent field.
• IP address: (your machine's public IP).

Revoking MCP access

To revoke all MCP access:

1. Go to MCP / API page.
2. Click Regenerate token.
3. Update or remove the token in your MCP client configs. The old token stops working immediately.